In embedded systems, attacks such as tampering and impersonation by malware are increasing. One known technique protects a concealment program and key information by dividing the memory region into a normal region and a secure region after system startup and storing the concealment program and the key information in the secure region. However, applying this technique complicates both the hardware and the software. Moreover, it is a security measure that takes effect only after the system has started; countermeasures against a physical attack, such as reading data from an external ROM before power is supplied, or a mechanism for safe startup (secure boot), require a separate technology.
Another proposed technique encrypts data that includes instruction code and the like and stores it in an external ROM; when the processor executes a process, it reads the encrypted data from the external ROM and decrypts it inside the processor before execution, thereby securing the system (see, for example, Patent Document 1). As illustrated in FIG. 18, for example, a control program 1801, a concealment program (such as an encryption processing program) and key information 1802 are encrypted with a common-key (symmetric) encryption method such as the Advanced Encryption Standard (AES) and stored in an external ROM 1813.
When a processor 1810 executes the control program or the concealment program, it reads encrypted data 1814 from the external ROM 1813 and decrypts it in its internal encryption processor 1812. The resulting plaintext data 1815 is supplied to a CPU core 1811, which performs the processing. For example, the control program calls the concealment program (an encryption processing program, a decryption processing program, or the like) (P1801), and the called concealment program accesses the key information to perform the encryption processing or the like. The control program may also call an external program, such as a program downloaded over a network after execution of the control program (P1802).
The system of FIG. 18, in which the data stored in the external ROM 1813 (the various programs and the key information) is encrypted, is effective against a physical attack such as reading data directly from the external ROM. However, in some cases the data stored in the external ROM 1813 is decrypted and can be observed as plaintext by an external program 1803 on the RAM while it executes in the processor 1810, for the following reason.
A control program sometimes copies itself into the RAM at startup and executes from the RAM. Because the external ROM 1813 is also accessed while the control program executes from the RAM, the encryption processor 1812 of the processor 1810 generally performs decryption on every access to the external ROM 1813, regardless of the address of the instruction being executed. Consequently, if the encrypted data (the various programs and the key information) stored in the external ROM 1813 is read by a program on the RAM (P1803), it is obtained in decrypted form (plaintext).
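The read path described above, as an added C model that is not part of the patent document: the memory map, the toy XOR keystream standing in for AES, and the address-dependent decryption policy are all assumptions of this example, not the patent's own design. The model places an encryption processor between the CPU core and the external ROM and contrasts the decrypt-on-every-access behaviour the passage describes with a hypothetical policy that decrypts only when the instruction issuing the read itself executes from the external ROM. A program running from RAM obtains plaintext under the first policy and only ciphertext under the second.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed address map (assumption of this example). */
#define ROM_BASE 0x08000000u   /* external ROM, holds encrypted data */
#define ROM_SIZE 16u
#define RAM_BASE 0x20000000u   /* RAM, where copied or downloaded programs run */

/* Plaintext that the designer wants to keep confidential: a stand-in for the
 * control program, the concealment program and the key information. */
static const uint8_t rom_plain[ROM_SIZE] = "KEY:0123456789A";

/* Toy per-byte keystream. A real design would use a block cipher such as AES;
 * XOR is used here only so the model stays self-contained. */
static const uint8_t toy_key[ROM_SIZE] = {
    0x5a, 0xa5, 0x3c, 0xc3, 0x0f, 0xf0, 0x96, 0x69,
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88
};

/* What is physically stored in the external ROM (ciphertext). */
static uint8_t rom_cipher[ROM_SIZE];

static void provision_rom(void) {
    for (size_t i = 0; i < ROM_SIZE; i++)
        rom_cipher[i] = rom_plain[i] ^ toy_key[i];
}

/* Decryption policy of the encryption processor. */
typedef enum {
    DECRYPT_ALWAYS,                 /* behaviour the passage describes */
    DECRYPT_ONLY_FOR_ROM_RESIDENT_CODE /* hypothetical stricter policy */
} policy_t;

static int in_rom(uint32_t a) {
    return a >= ROM_BASE && a < ROM_BASE + ROM_SIZE;
}

/* Model of the encryption processor. `pc` is the address of the instruction
 * performing the read; `addr` is the address being read. */
static uint8_t bus_read(policy_t pol, uint32_t pc, uint32_t addr) {
    if (!in_rom(addr))
        return 0; /* RAM contents are not modelled here */
    uint32_t off = addr - ROM_BASE;
    uint8_t c = rom_cipher[off];
    if (pol == DECRYPT_ALWAYS || in_rom(pc))
        return c ^ toy_key[off];   /* plaintext reaches the CPU core */
    return c;                      /* code running from RAM sees ciphertext */
}

/* Read the whole ROM as seen by a program whose instructions execute at `pc`. */
static void dump_rom(policy_t pol, uint32_t pc, uint8_t out[ROM_SIZE]) {
    for (uint32_t i = 0; i < ROM_SIZE; i++)
        out[i] = bus_read(pol, pc, ROM_BASE + i);
}

/* 1 if a program executing from RAM recovers the plaintext (the leak P1803). */
int rom_leaks_to_ram_program(policy_t pol) {
    uint8_t seen[ROM_SIZE];
    provision_rom();
    dump_rom(pol, RAM_BASE, seen);
    return memcmp(seen, rom_plain, ROM_SIZE) == 0;
}

/* 1 if a program executing from the ROM itself still obtains plaintext. */
int rom_readable_by_rom_resident_program(policy_t pol) {
    uint8_t seen[ROM_SIZE];
    provision_rom();
    dump_rom(pol, ROM_BASE + 4, seen);
    return memcmp(seen, rom_plain, ROM_SIZE) == 0;
}

int main(void) {
    printf("decrypt-always: RAM program sees plaintext = %d, ROM program = %d\n",
           rom_leaks_to_ram_program(DECRYPT_ALWAYS),
           rom_readable_by_rom_resident_program(DECRYPT_ALWAYS));
    printf("rom-resident-only: RAM program sees plaintext = %d, ROM program = %d\n",
           rom_leaks_to_ram_program(DECRYPT_ONLY_FOR_ROM_RESIDENT_CODE),
           rom_readable_by_rom_resident_program(DECRYPT_ONLY_FOR_ROM_RESIDENT_CODE));
    return 0;
}
```

The model also shows the trade-off the passage implies: the stricter policy denies plaintext to the control program's own copy running on the RAM, which is why decrypt-on-every-access is the common design and why the leak to a RAM-resident external program arises.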
As a countermeasure, one could consider authorizing an external program (confirming that it is safe) beforehand, using the concealment program or the key information, whenever an external program is to be executed. However, since there are countless external programs, it is difficult to verify every one of them, including their behavior, in advance and to confirm that they contain no malware.
Patent Document 1: Japanese Laid-open Patent Publication No. 2008-210225